package cn.java81.jdbc;

import cn.java81.util.DbUtil;

import java.sql.*;

/**
 * @author oldliu
 * @since 1.0
 */
public class SelectStudent2 {
    /**
     * Queries {@code s_student} for the row whose {@code stuno} is 207 and
     * prints its name, QQ number and enrolment timestamp to standard output.
     *
     * <p>The lookup value is bound through a {@link PreparedStatement}
     * placeholder instead of being concatenated into the SQL text, so the
     * statement text stays constant whatever value is bound. That separation
     * of statement and data is what prevents SQL injection here.
     *
     * @param args command-line arguments; not read
     */
    public static void main(String[] args) {
        // Parameterized query: the single '?' is filled in with setLong below,
        // never by string concatenation.
        final String query = "select sname as nm,qq,enterdate from s_student where stuno=?";

        Connection conn = DbUtil.getConnection();
        PreparedStatement stmt = null;
        ResultSet rows = null;
        try {
            stmt = conn.prepareStatement(query);
            // Echoes the statement template only; the bound value is not part
            // of this string, so what is printed still shows the '?'.
            System.out.println(query);
            // Typed binding: the value travels as a long parameter, not as SQL text.
            stmt.setLong(1, 207L);
            rows = stmt.executeQuery();
            while (rows.next()) {
                printRow(rows);
            }
        } catch (SQLException e) {
            // NOTE(review): the stack trace goes to stderr and may include driver
            // or schema details; route through a logger if this leaves demo code.
            e.printStackTrace();
        } finally {
            // Hand all three JDBC handles to the project helper on every path.
            DbUtil.close(rows, stmt, conn);
        }
    }

    /**
     * Prints the current row of {@code rows} as {@code name,qq,enterdate}.
     *
     * @param rows result set positioned on the row to print
     * @throws SQLException if a column cannot be read
     */
    private static void printRow(ResultSet rows) throws SQLException {
        String studentName = rows.getString("nm");
        String qqNumber = rows.getString("qq");
        // getTimestamp rather than getDate, so the time-of-day part of the
        // column is kept in the printed value.
        Timestamp enrolledAt = rows.getTimestamp("enterdate");

        StringBuilder line = new StringBuilder();
        line.append(studentName).append(",").append(qqNumber).append(",").append(enrolledAt);
        System.out.println(line.toString());
    }
}
